A fake e-mail containing a deadly North Korean virus is circulating internationally under the pretext of a job vacancy at Hindustan Aeronautics Limited (HAL), a public sector undertaking under the Indian Ministry of Defense.
HAL, the Indian state-owned aerospace and defence company, is headquartered in Bengaluru, Karnataka. The hoax mail containing the Manuscrypt malware claims there is a job vacancy for a manager at HAL with a salary of Rs 1.8 lakh per month. The same malware was used by the Lazarus group (North Korean cyber criminals) against the G20 International Financial Architecture Working Group Meeting, where it also targeted attendees who met to discuss economic policies among the world's financial superpowers.
Document contains malicious code
The malware is hidden in malicious documents created in Hangul Word Processor (HWP), a South Korean document editor. The document contains malicious code that downloads the Manuscrypt malware. Lazarus has reportedly used the malware in advanced persistent threat (APT) attacks targeting financial institutions.
According to reports, Italian cybersecurity has revealed that a leading financial institution in Italy received the fake HAL email. All Italian companies have been warned to exercise due caution with such mails. The details of the virus program have been handed over to the Indian cyber cell.
The mail came with an attached Microsoft Word document from a fake e-mail ID containing the web address of the victim's financial institution. Once the attachment is opened, the whole network managed by the system will be under the hacker's control.